Who is mutating transactions?

[ZephramC]

I have to ask this question, because nobody asked it yet. Someone (a group?) with technical abilities and some serious hardware
has been scamming MtGox of (many?) coins, resulting in them deciding to stop the BTC withdrawals until they (allegedly?) will fix the problem.
Now that the main target is not available, the scammer(s) may try the same on other major exchanges, like Bitstamp and BTC-E.
Right now I don't know if those exchanges are as vulnerable (or not at all) as MtGox to this exploit, and it would be good if they would clarify this.

Back to the OP, the scammer(s) did something illegal and while MtGox's management / technical staff should take a lot of blame, for not
fixing this without waiting for a general fix from the core developers, it seems no one cares about those who are at the root of the problem.
So I am asking again, who could be at the root of the problem (mutated transactions), please speculate and maybe a suspect will eventually emerge.

Maybe I am playing devils advocate here, but ... Although it might be harmful and malicious, what exactly is (or should be) illegal about mutating transactions and rebroadcasting them? Bitcoin reference client is open source and operating any modified version is not illegal.

[Tzupy]

OK, you have a point, it's not illegal to mutate bitcoin transactions. But the operation isn't zero-cost,
so I assumed that someone is doing this for a profit (whatever that is), and that is probably illegal.
Could be someone who wants to undermine the whole bitcoin concept, like a competitor, in which case
it's unfair competition, or just some hackers that scammed MtGox for thousands of coins (I wish they would clarify this).

[thenoblebot]

OK, you have a point, it's not illegal to mutate bitcoin transactions. But the operation isn't zero-cost,
so I assumed that someone is doing this for a profit (whatever that is), and that is probably illegal.
Could be someone who wants to undermine the whole bitcoin concept, like a competitor, in which case
it's unfair competition, or just some hackers that scammed MtGox for thousands of coins (I wish they would clarify this).

I don't think anyone scammed Gox , although it could very well be possible they are trying to scam others right now. After posting about the attack scheme here two days ago and also on the mailing list : https://bitcointalk.org/index.php?topic=458608.0 .. I am beginning to think it could be either Gox or an insider job with collusion with antagonistic forces (all speculation here .. but I guess thats all we can do for now).

Check the sequence of events here : http://thenoblebot.blogspot.in/2014/02/malleability-attack-bitcoin.html. Hope we can get down to the bottom of this.

[Syke]

Sorry by "miner" I mean the entity that is actually constructing the block.  That would be pool operators, solo miners, p2p miners, etc.  If you are not constructing the block you aren't a miner, you are a "hashrate provider" who blindly hashes whatever the pool tells you to.  An independent contractor if you will who sells his hashing power for a contracted rate.

p2pool and solo miners are insignificant (unfortunately). Connect to the top 2-3 pools and you're golden.

[tl121]

Sorry, if I am repeating questions that have already been answered.

1. Is there a precise and unique canonical form for every legal bitcoin transaction?
2. Given a bitcoin transaction, is there a specified and efficient algorithm for verifying whether or not the transaction is in canonical form?
3. Given a bitcoin transaction that is not in canonical form is there a specified and efficient algorithm for converting the transaction into canonical form?
4. Assuming the answer to the above questions are "yes" then how widely deployed are these implementations?

At this point, there are two ways a transaction can be mutated:  if it is in non-canonical form, it can be converted to canonical form. Alternatively, if it is in canonical form, it can be converted to a non-canonical form.

It seems to me that the only serious problem would be if miners are mining transactions that aren't in canonical form. Is this happening?  (It would seem easy to check by simply examining the block chain.)  If the minors are not doing this, then it seems that the entire issue is "much ado about nothing".  If the originating (custom) wallet is outputting transactions that aren't in canonical form, it is simply broken and should be fixed.  However, this is not a global problem for bitcoin, just a problem for the users of the broken wallet.

It seems only good computing hygiene to implement a canonical form and to strictly enforce it. It's not that this is a new problem.  In the context of Bitcoin it has been known for several years.  In the context of cryptography the requirement for canonical forms in data representations has been known for decades. IMO it is more important to clean up and simplify  a protocol before adding new and more complex features that will explore existing and new "edge" cases.

[DeathAndTaxes]

1. Is there a precise and unique canonical form for every legal bitcoin transaction?

No.  The "solution" involves restricting tx such that there is only one form but it is a non-trivial change.  

See here for some more info:
https://bitcointalk.org/index.php?topic=459678.msg5128555#msg5128555

Disclaimer: it is intended for general information as opposed to a developer implementation guide.  For brevity and simplicity some things have been abstracted.

In the context of cryptography the requirement for canonical forms in data representations has been known for decades.

Two of the three issues relate to the fact that other cryptographic systems are not canonical.  When it is all done Bitcoin will be more restricted than the underlying systems is relies on.

[leopard2]

The "attack node" can also intentionally not relay the originals.   If one wanted to increase the odds they would run multiple attack nodes each with thousands or tens of thousands of connection in an attempt to "cut off" and delay the original transactions from miners.  They don't have to win every race, just enough to cause some "chaos".

Some similarity here with how the NSA's Quantum / Foxacid servers work? 

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser to visit a Foxacid server.